shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-02-03 17:47:28 +03:00
Code

varlink: enforce a maximum size limit on replies collected via varlink_collect()

Browse Source 
We should not allow servers to blow up client's memory without bounds,
hence set a (high) limit on replies we'll collect before failing.
This commit is contained in:
Lennart Poettering 2024-02-07 11:41:20 +01:00
parent 15138e7980
commit 0430a11eb4
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/shared/varlink.c
View File

@ -37,6 +37,7 @@
#define VARLINK_DEFAULT_TIMEOUT_USEC (45U*USEC_PER_SEC)
#define VARLINK_BUFFER_MAX (16U*1024U*1024U)
#define VARLINK_READ_SIZE (64U*1024U)
#define VARLINK_COLLECT_MAX 1024U
typedef enum VarlinkState {
/* Client side states */
@ -2348,6 +2349,9 @@ static int collect_callback(
return 0;
}
if (json_variant_elements(context->parameters) >= VARLINK_COLLECT_MAX)
return varlink_log_errno(v, SYNTHETIC_ERRNO(E2BIG), "Number of reply messages grew too large (%zu) while collecting.", json_variant_elements(context->parameters));
r = json_variant_append_array(&context->parameters, parameters);
if (r < 0)
return varlink_log_errno(v, r, "Failed to append JSON object to array: %m");